Control Even Policing (CoPP) Feature
The cartage managed by a accessory can be disconnected into three anatomic apparatus or planes:
Data plane
Management plane
Control plane
The all-inclusive majority of cartage flows through the accessory via the abstracts plane; however, the avenue processor handles
certain traffic, such as acquisition agreement updates, remote-access services, and arrangement administration cartage such as
SNMP. This blazon of cartage is referred to as the ascendancy and administration plane. The avenue processor is analytical to
network operation. Therefore any account disruption or aegis accommodation to the avenue processor, and hence
the ascendancy and administration planes, can aftereffect in arrangement outages that appulse approved operations. For example,
a DoS advance targeting the avenue processor about involves aerial bursty cartage consistent in boundless CPU
utilization on the avenue processor. Such attacks can be adverse to arrangement adherence and availability. The bulk
of cartage managed by the avenue processor is handled by way of the ascendancy and administration planes.
The CoPP affection is acclimated to assure the above ascendancy and administration planes; to ensure stability,
reachability, and availability and to block accidental or DoS traffic. CoPP uses a committed ascendancy plane
configuration through the modular QoS CLI (MQC) to accommodate clarification and amount absorbed capabilities for the control
plane packets.
As mentioned earlier, the CoPP affection is accessible on all above Cisco router alternation including ISR. Table 4-2
provides a complete account of accordant accouterments and software support.
Table 4-2. CoPP Abutment on Cisco Routers
Router Models Cisco IOS Software Release
Cisco 12000 Alternation Release 12.0(29)S and later
Cisco 7600 Alternation Release 12.2(18)SXD1 and later
Cisco 6500 Alternation Release 12.2(18)SXD1 and later
Cisco 7200 Alternation Cisco 7500 Alternation Release 12.2(18)S and later
Cisco 1751 Router
Cisco 2600/2600-XM Series
Cisco 3700 Series
Cisco 7200 Series
Release 12.3(4)T and later
Cisco 1800 Alternation Cisco 2800 Alternation Release 12.3(8)T and later
Cisco 3800 Alternation Release 12.3(11)T and later
Perform the afterward accomplish to configure and administer the CoPP feature:
Step 1. Define a packet allocation criterion. There are a cardinal of means to assort the blazon of traffic—for
example, by application an admission account or agreement or IP antecedence values.
Code View:
Hostname(config)# class-map {traffic_class_name}
Hostname(config-cmap)# bout {access-list | agreement | ip prec | ip dscp | vlan}
Step 2. Define a account policy. Note that breeze policing is the alone accurate advantage accessible (as of this writing) in the
policy map for CoPP.
Code View:
Hostname(config-pmap)# policy-map {service_policy_name}
Hostname(config-pmap)# chic {traffic_class_name}
Hostname(config-pmap-c)# badge
Step 3. Enter ascendancy even agreement approach application the control-plane all-around command. In this CP submode,
the account behavior are absorbed to the ascendancy plane.
Hostname(config)# control-plane
Step 4. Administer QoS action configured to the ascendancy plane.
Hostname(config-cp)# service-policy {input | output} {service_policy_name}
Note
The CoPP affection is additionally accessible as allotment of the chip Arrangement Foundation Protection (NFP) security
features on the Cisco ISR (Integrated Casework Router) platforms.